Insyde Software Security Advisory

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2021002 Software Escalation of Priviledges TBD 10/14/2021 10/14/2021

Summary:

Uncontrolled input in the InsydeH2O Int15MicrosoftSmm driver to a software SMI function may allow the caller to gain elevated privileges. Fixed in different chipset-specific releases of InsydeH2O.

Vulnerability Details

CVE-2020-5955

Uncontrolled input in the InsydeH2O Int15MicrosoftSmm driver to a software SMI function may allow the caller to gain elevated privileges. Fixed in different chipset-specific releases of InsydeH2O.

Intel Skylake: 05.04.15.0001, Intel Skylake MRD: 05.05.39.0001,
Intel Kaby Lake (Client): 05.10.48.0001, Intel Greenlow/Greenlow-R (Server/Embedded): 05.12.09.0075, Intel Kaby Lake MRD: 05.11.26.0015,
Intel Cannon Lake: 05.21.43.0001,
Intel Coffee Lake (Client): 05.21.43.0001, Intel Mehlow/Mehlow-R(Server/Embedded): 05.23.04.0045,
Intel Whiskey Lake (Client): 05.21.43.0001, Intel Whiskey Lake RVP (Server/Embedded): 05.23.45.0023, Intel Whiskey Lake/Coffee Lake: 05.23.27.0001,
Intel Comet Lake (Client): 05.32.47.0001, Intel Comet Lake RVP (Server/Embedded): 05.34.09.0030,
Intel Ice Lake: 05.32.30.0001, Intel Tiger Lake: 05.41.35.0001,
Intel Whitley-SP: 05.42.11.0026,
Intel Grantley-EP: 05.04.21.0068,
Intel Elkhart Lake: 05.42.09.0003
Intel Purley-EP Refresh Neon City: 05.21.51.0040

Revision History:

Revision Date Description
1.0 10/14/2021 Initial Release
- - -

Return to Insyde's Security Pledge